From 70ad2fcee074bbd1947f067d508d3e5c1fe4eb85 Mon Sep 17 00:00:00 2001
From: Ferran Marcet <fmarcet@2byte.es>
Date: Tue, 4 Aug 2020 16:45:57 +0200
Subject: [PATCH] Fix: User can see events that are not assigned to it

---
 htdocs/core/lib/security.lib.php | 19 -------------------
 1 file changed, 19 deletions(-)

diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php
index 41534d8aac3..f9db2a0e796 100644
--- a/htdocs/core/lib/security.lib.php
+++ b/htdocs/core/lib/security.lib.php
@@ -248,25 +248,6 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f
 		{
 			if (! $user->rights->projet->lire && ! $user->rights->projet->all->lire) { $readok=0; $nbko++; }
 		}
-		elseif ($feature == 'agenda')
-		{
-			if ($objectid > 0) {
-				require_once DOL_DOCUMENT_ROOT . '/comm/action/class/actioncomm.class.php';
-				$action = new ActionComm($db);
-				$action->fetch($objectid);
-				if (empty($user->rights->agenda->allactions->read) && (($action->authorid != $user->id && $action->userownerid != $user->id && !(array_key_exists($user->id,
-								$action->userassigned))) || empty($user->rights->agenda->myactions->read))) {
-					$readok = 0;
-					$nbko++;
-				}
-			}
-			else{
-				if (empty($user->rights->agenda->myactions->read) && empty($user->rights->agenda->allactions->read)) {
-					$readok = 0;
-					$nbko++;
-				}
-			}
-		}
 		elseif (! empty($feature2))														// This is for permissions on 2 levels
 		{
 			$tmpreadok=1;